Patch "net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)" has been added to the 3.12-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)

to the 3.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-add-bug_on-if-kernel-advertises-msg_namelen-sizeof-struct-sockaddr_storage.patch
and it can be found in the queue-3.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Dec  5 16:16:39 PST 2013
From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Nov 2013 03:14:34 +0100
Subject: net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)

From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>

[ Upstream commit 68c6beb373955da0886d8f4f5995b3922ceda4be ]

In that case it is probable that kernel code overwrote part of the
stack. So we should bail out loudly here.

The BUG_ON may be removed in future if we are sure all protocols are
conformant.

Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Signed-off-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/socket.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/socket.c
+++ b/net/socket.c
@@ -221,12 +221,13 @@ static int move_addr_to_user(struct sock
 	int err;
 	int len;
 
+	BUG_ON(klen > sizeof(struct sockaddr_storage));
 	err = get_user(len, ulen);
 	if (err)
 		return err;
 	if (len > klen)
 		len = klen;
-	if (len < 0 || len > sizeof(struct sockaddr_storage))
+	if (len < 0)
 		return -EINVAL;
 	if (len) {
 		if (audit_sockaddr(klen, kaddr))


Patches currently in stable-queue which might be from hannes@xxxxxxxxxxxxxxxxxxx are

queue-3.12/ipv6-fix-inet6_init-cleanup-order.patch
queue-3.12/ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
queue-3.12/ping-prevent-null-pointer-dereference-on-write-to-msg_name.patch
queue-3.12/inet-prevent-leakage-of-uninitialized-memory-to-user-in-recv-syscalls.patch
queue-3.12/net-rework-recvmsg-handler-msg_name-and-msg_namelen-logic.patch
queue-3.12/ipv6-fix-possible-seqlock-deadlock-in-ip6_finish_output2.patch
queue-3.12/net-add-bug_on-if-kernel-advertises-msg_namelen-sizeof-struct-sockaddr_storage.patch
queue-3.12/ipv6-use-rt6_get_dflt_router-to-get-default-router-in.patch
queue-3.12/random32-fix-off-by-one-in-seeding-requirement.patch
queue-3.12/inet-fix-possible-seqlock-deadlocks.patch
queue-3.12/inet-fix-addr_len-msg-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch
queue-3.12/ipv6-protect-for_each_sk_fl_rcu-in-mem_check-with.patch
queue-3.12/ipv6-fix-leaking-uninitialized-port-number-of-offender-sockaddr.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]